The Agent Payment Rails Playbook

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable payment guide, but it still needs review: its examples can affect real payments, and its language about sandbox versus live-production use is inconsistent.

Review before installing or following the examples. Treat the guide as sandbox-only until you deliberately configure live endpoints, use test-mode and narrowly scoped credentials, replace live-style placeholders, and require explicit human approval for any payment, deposit, dispute, escrow, signing, settlement, or webhook action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The guide claims a human-in-the-loop approval flow, but the example silently auto-approves payments under $50 without waiting for any human response. In a payments skill, that mismatch is dangerous because integrators may rely on the narrative and deploy code that authorizes real spending autonomously, defeating a key safety control.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill repeatedly markets the examples as 'production code' and 'tested against the live gateway' while lacking an equally prominent warning that using live credentials or endpoints can move funds or trigger irreversible payment actions. That creates a realistic risk that users copy-paste examples into a real environment and execute financial operations unintentionally.

Missing User Warnings

Medium
Confidence: 93%
Finding
The ACP/card section demonstrates passing an SPT/live payment token into a confirmation flow that can charge a user's payment method, but it does not prominently warn readers of that consequence. In a payment integration guide, omission of that warning increases the chance of accidental live charges and unauthorized spending during testing.

Missing User Warnings

Medium
Confidence: 90%
Finding
The wallet provisioning example includes fund deposits and budget setup but does not clearly warn that the flow can allocate or move real funds into an agent wallet in live environments. That is risky because operators may treat it as harmless setup code when it actually changes financial state and available spending capacity.

Missing User Warnings

Medium
Confidence: 91%
Finding
The dispute and escrow examples can lock funds, trigger refunds, or file actions against counterparties, yet the guide does not explicitly warn that these operations have real external effects on live systems. In payment/dispute workflows, accidental execution can cause financial holds, operational disruption, or reputational harm to other parties.

VirusTotal

66/66 vendors flagged this skill as clean.